Mailinglist Archive: opensuse (3156 mails)

[Anders Johansson <ajh@xxxxxxxxxx>]

On Sunday 23 December 2007 19:31:45 primm wrote:
> > > > nfs is good, it mostly just works. But v3 has drawbacks in security,
> > > > so if you're not in total control of the network, it might not be so
> > > > good
> > > >
> > > > nfsv4 + kerberos can provide real authentication and encryption
> > > > though, so you still don't have to abandon nfs
> > >
> > > 4 years ago it cost me two days work and a 300 Euro installation cost
> > > from an engineer who also sold me the licences for my workstations.
> > > That was w2000.
> > >
> > > It was plagued by viruses and most of my hardware wan't recognised so I
> > > had to fork out for new machines too. 5000 Euros later.
> > >
> > > I'm now reading that Linux nfs which I installed by yast all by myself
> > > is also a security risk.
> >
> > It is a security risk in that it's not encrypted.
> >
> > Another problem is that the nfs server in versions 3 and below fully
> > trusts the client about user IDs. It won't put viruses on your machines,
> > but it does mean that if you don't control the root account on all
> > machines, anyone can read any file, or write to any share.
>
> What? So, I login as me. There is no way nfs will let me write to the
> folders of other users. Unless the other user has given me permission to do
> so. What do you mean by 'control the root account on all machines'? No one
> else other than me can login as root on any box on my network.

That is exactly what I mean by "controlling the root account". So you don't 
have a problem then

Anders

-- 
Madness takes its toll
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx